RE: Remote connectivity problems

The user's computer has already been joined to the domain using the CEICW.

The problem is that since joining the domain, when he uses the laptop
computer remotely (from outside his LAN), he now has problems accessing sites
that require a username/password, such as hotmail and some other
business-related sites that he uses.

His wireless card is set to obtain ip & dns addresses dynamically.

Is there any reason that he should now have problems accessing secure sites
since his laptop computer was joined to the domain?
--
D. Milton

This posting is provided "AS IS" with no warranties, and
confers no rights.



""Crina Li"" wrote:

Hi Milton,

Thank you for posting in SBS newsgroup.

From the description, do you mean you have added a remote client to SBS
domain or add a LAN client computer to SBS domain and encounter such issue?
Can you describe the detailed scenario for me?

Currently, I am glad to provide the following information for adding remote
client into SBS domain for your reference:

I. If you have hardware VPN tunnel setup using Linksys or others, you can
follow the steps below to join the domain:

1. On the SBS server, run Set Up Computer Wizard to create the remote
computer account. Under Client Applications, uncheck everything except
Client Operating System Service Packs.

2. On the remote computer, manually install the service pack (XP SP1a and
W2k SP4) from CD3\SBS\CLIENTAPPS.

3. Connect to http://servername/connectcomputer to join the domain.

4. When the machine is part of the domain, logon again and install
Outlook/IE from the CD. You will find the Outlook CD key on the back CD
case #2.

II. Otherwise, you may want to manually join the domain. I'd suggest that
you use the following configuration, SBS Domain <-> ISA/RRAS <-> remote
client.

In this scenario you have to configure the SBS Server computer to enable
external VPN clients for dialing in by using a VPN. Therefore, there is one
border from the external to the internal computer.

1. Configure VPN service on the SBS server

Run the Configure Remote Access wizard to let the System automatically
configure the VPN service for you: Server Management -> Standard Management
-> To Do List, and then click Configure Remote Access in the right pane.

2. Create a VPN connection to ISA/RRAS (external adapter) on the Internet
client.

NOTE: The following procedure assumes that there is already an existing
Internet connection.

A. Open Network and Dial-Up Connections.
B. Click Make New Connection, and then click Connect to a private network
through the Internet.
C. Type the name or IP address of the public interface of the ISA Server
computer as the destination address.
D. Make sure that the users that are configured on the ISA Server computer
are able to dial in remotely. To make sure that the users can dial in
remotely, either use Domain Users to allow these users dial-in permissions
when your ISA Server computer is connected to the local domain or use a
local user on the ISA Server computer and grant dial-in permissions.

3. To connect from an external client (Internet) to the domain, follow
these steps (it is assumed that the client is already connected to the
Internet):

A. Establish the VPN and make sure you enter a valid account which has
dial-in permissions.
B. Join the domain (for example, support.ms.com) from the remote client or
server.
C. Forward a request to the DNS server that is a member of the domain to
resolve DNS names. This traffic is now routed over the VPN connection.

The local DNS server responds to the remote client by using ISA Server as
the VPN router. All traffic (LDAP, SMB, NetBIOS, DNS, and so on) is routed
over the VPN connection and the remote client or server can access the
domain as if it is on the intranet relative to the domain. Please note that
you must establish the VPN connection before you can access the domain.

Related Knowledge Base articles:

303503 How to Join or Access an Internal Domain from an External Client
Using ISA Server and VPN
http://support.microsoft.com/?id=303503

179442 How to Configure a Firewall for Domains and Trusts
http://support.microsoft.com/?id=179442

295017 How to change a computer name or join a domain in Windows XP
http://support.microsoft.com/?id=295017

Connecting a remote workstation to a domain [Author Marina Roos]
http://www.smallbizserver.net/Default.aspx?tabid=146

NOTE: This response contains a reference to a third party World Wide Web
site. Microsoft is providing this information as a convenience to you.
Microsoft does not control these sites and has not tested any software or
information found on these sites; therefore, Microsoft cannot make any
representations regarding the quality, safety, or suitability of any
software or information found there. There are inherent dangers in the use
of any software found on the Internet, and Microsoft cautions you to make
sure that you completely understand the risk before retrieving any software
from the Internet.

For joining a LAN client to SBS domain, please refer to the following steps:

You can bring the computers from "workgroup" to "Domain" as following:

1. Make sure the client computers get the IP addresses and DNS
configurations from the SBS 2003 DHCP service correctly.
2. In Server computer, create a user account and computer account for each
user by using the Add Users and Computers Wizard.
3. Log on a client workstation using its local administrator account.
4. In client computer, open IE and run http://servername/connectcomputer.
5. Follow the wizard to finish.

Hope this helps.

Please feel free to let me know if you have any questions or if you need
further assistance.

I'm looking forward to hearing from you.

Best regards,

Crina Li (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: Remote connectivity problems
| t| From: =?Utf-8?B?RC4gTWlsdG9u?= <D.Milton@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Remote connectivity problems
| Date: Tue, 25 Apr 2006 07:13:02 -0700
| | Newsgroups: microsoft.public.windows.server.sbs
| |
| Hi,
|
| One of the users in the office is now having problems when accessing web
| sites that require username/passoword since his laptop was added to the
| domain using CIECW. Apparently, any site, such as hotmail and the remote
web
| site, that requires any level of security fails.
|
| I have received his ipconfig /all setting over the phone (they sound
fine),
| but don't have any results since he couldn't email. He says he gets page
not
| found. His DNS address is set to dynamic as is his ip address.
|
| His LAN card (wired) is set statically for the company's internal LAN, if
| memory serves.
|
| I think that something may have gone wrong when his computer was joined
to
| the domain, though, because he cannot change any of his network settings
from
| his domain account because they are grayed out. He has to change them by
| logging in as administrator for the computer.
|
| Any assistance appreciated.
|
| --
| D. Milton
|
| This posting is provided "AS IS" with no warranties, and
| confers no rights.
|
|


.

Relevant Pages

  • Re: VPN Client Incorrect Netmask (Vista -> Win2K3)
    ... The remote client gets its network config from the remote access server as part of the ppp negotiation. ... Microsoft programmers SEVERLY damaged the VPN Client in Vista and Server 2008. ...
    (microsoft.public.windows.server.networking)
  • RE: VPN error with sbs2003 and isa 2000 installed
    ... connection from a remote client, the connection terminated in the process ... You receive an "Error 721" error message when you try to establish a VPN ... Open Server Management console and navigate to 'To Do ... Please temporarily place a client directly connected to the external NIC ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN PPTP problem
    ... external NIC IP is in the same subnet with the remote client. ... Please try to establish the VPN connection from the internal clients. ... |> How to configure Internet access in Windows Small Business Server ...
    (microsoft.public.windows.server.sbs)
  • RE: Problems with connectcomputer and active directory
    ... I understand that you would like to join a remote client to the domain. ... If you have hardware VPN tunnel setup using Linksys or others, ... In this scenario you have to configure the SBS Server computer to enable ...
    (microsoft.public.windows.server.sbs)
  • [Full-Disclosure] R: Full-Disclosure Digest, Vol 3, Issue 42
    ... Full-Disclosure Digest, Vol 3, Issue 42 ... SD Server 4.0.70 Directory Traversal Bug ... Arkeia Network Backup Client Remote Access ...
    (Full-Disclosure)